Qpid
  1. Qpid
  2. QPID-3892

ACLs shall support full regular expressions in property values

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.14
    • Fix Version/s: 0.19
    • Component/s: C++ Broker
    • Labels:

      Description

      Currently ACL syntax supports in a property value either direct match ("name=RequestQueue") or a substring match ("name=tmp.*").

      That is not sufficient when authorizing access to topics. One particular example: amq.topic exchange receives messages with keys usa.sports, usa.news, europe.sports and europe.news. Currently we can not authorize access just to topics *.sports and to usa. *

      As there exist different use cases where regular expressions are required in a, it is meaningful to support (full) regular expressions in ACL property values.

      Since qpid C++ broker already relies on boost libraries a lot, I suggest (in a patch proposed) using boost::regex library.

      I tested the attached patch on Fedora, not sure if other Linux distributions are familiar with the change in Makefile.am.

        Activity

        Chuck Rolke made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Chuck Rolke made changes -
        Resolution Fixed [ 1 ]
        Status Open [ 1 ] Resolved [ 5 ]
        Fix Version/s 0.19 [ 12322452 ]
        Chuck Rolke made changes -
        Summary ACLs shall support full regural expressions in property values ACLs shall support full regular expressions in property values
        Description Currently ACL syntax supports in a property value either direct match ("name=RequestQueue") or a substring match ("name=tmp.*").

        That is not sufficient when authorizing access to topics. One particular example: amq.topic exchange receives messages with keys usa.sports, usa.news, europe.sports and europe.news. Currently we can not authorize access just to topics *.sports and to usa.*

        As there exist different use cases where regular expressions are required in a, it is meaningful to support (full) regular expressions in ACL property values.

        Since qpid C++ broker already relies on boost libraries a lot, I suggest (in a patch proposed) using boost::regex library.

        I tested the attached patch on Fedora, not sure if other Linux distributions are familiar with the change in Makefile.am.
        Currently ACL syntax supports in a property value either direct match ("name=RequestQueue") or a substring match ("name=tmp.*").

        That is not sufficient when authorizing access to topics. One particular example: amq.topic exchange receives messages with keys usa.sports, usa.news, europe.sports and europe.news. Currently we can not authorize access just to topics **.sports* and to *usa.* *

        As there exist different use cases where regular expressions are required in a, it is meaningful to support (full) regular expressions in ACL property values.

        Since qpid C++ broker already relies on boost libraries a lot, I suggest (in a patch proposed) using boost::regex library.

        I tested the attached patch on Fedora, not sure if other Linux distributions are familiar with the change in Makefile.am.
        Chuck Rolke made changes -
        Assignee Chuck Rolke [ chug ]
        Pavel Moravec made changes -
        Field Original Value New Value
        Attachment ACLs-full-regexp.patch [ 12517723 ]
        Pavel Moravec created issue -

          People

          • Assignee:
            Chuck Rolke
            Reporter:
            Pavel Moravec
          • Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development